Here the output I got when I read the following from the prompt as root: # openssl s_client -connect <server ip>:443 CONNECTED(00000004) depth=0 /CN=<server url> verify error:num=18:self signed certificate verify return:1 depth=0 /CN=<server url> verify return:1 --- Certificate chain 0 s:/CN=<server url> i:/CN=<server url> --- Server certificate -----BEGIN CERTIFICATE----- <cert info> -----END CERTIFICATE----- subject=/CN=<server url> issuer=/CN=<server url> --- No client certificate CA names sent --- SSL handshake has read 659 bytes and written 324 bytes --- New, TLSv1/SSLv3, Cipher is RC4-MD5 Server public key is 1024 bit SSL-Session: Protocol : TLSv1 Cipher : RC4-MD5 Session-ID: F01F000016E12FA021E0550C3B4E278053809D37116C03644D4827EEA147F11C Session-ID-ctx: Master-Key: <key info> Key-Arg : None Start Time: 1180967593 Timeout : 300 (sec) Verify return code: 18 (self signed certificate) --- read:errno=54 -----Original Message----- From: Henrik Nordstrom [mailto:henrik@xxxxxxxxxxxxxxxxxxx] Sent: Saturday, June 02, 2007 5:49 AM To: Jason Hitt Cc: squid-users@xxxxxxxxxxxxxxx Subject: RE: Cert issue on reserve proxy fre 2007-06-01 klockan 10:45 -0500 skrev Jason Hitt: > We tried the below cache effective user command with no success, even > when we made openssl daemon user and did a chown on the logs and cache > folder for it. Not sure what the s_client is for. We're so close, just > need this last bit. s_client is a simple SSL client for connecting to SSL servers such as https servers. The command "openssl s_client -connect webserver:443" opens an SSL connection to the webserver on port 443, and shows details about the negotiated SSL connection. When connected it waits for data to send to the server over the SSL connection and/or shows responses from the server. You can find an example output of a valid session at http://paste.lisp.org/display/42143 The HEAD /.. part was typed by me after the connection was established. Regards Henrik